DHCP-Snooping command on catos

hanwucisco · ‎11-15-2012

I am trying to find a command for dhcp snooping rate-limiting on a CatOS. The PFC card is PFC.

PFC3B is said to support that command. But there seems no this command.

thanks,

Han

-6k> (enable) sh ver

WS-C6509-E Software, Version NmpSW: 8.4(5)

NMP S/W compiled on Aug 3 2005, 13:26:46

System Bootstrap Version: 12.2

System Web Interface Version: Engine Version: 5.3.4 ADP Device: Cat6000 ADP Version: 7.1 ADK: 49

System Boot Image File is 'bootdisk:cat6000-sup32pfc3cvk9.8-4-5.bin'

System Configuration register is 0x2102

Hardware Version: 1.2 Model: WS-C6509-E Serial #:

Mod Port Model Serial # Versions

--- ---- ------------------- ----------- --------------------------------------

1 48 WS-X6148-GE-45AF SAL09486P7X Hw : 1.1

Fw : 7.2(1)

Sw : 8.4(5)

2 48 WS-X6148-GE-45AF SAL09486P9V Hw : 1.1

Fw : 7.2(1)

Sw : 8.4(5)

3 48 WS-X6148-GE-45AF SAL09486P7K Hw : 1.1

Fw : 7.2(1)

Sw : 8.4(5)

5 9 WS-SUP32-GE-3B SAL10019AEY Hw : 4.2

Fw : 12.2

Fw1: 8.4(5)

Sw : 8.4(5)

Sw1: 8.4(5)

WS-F6K-PFC3B SAL10019ACD Hw : 2.1==>PFC3B is said to support that command.

Sw :

15 1 WS-F6K-MSFC2A SAL100194W9 Hw : 3.0

Fw : 12.2(17d)SXB11

Sw : 12.2(17d)SXB11

DRAM FLASH NVRAM

Module Total Used Free Total Used Free Total Used Free

------ ------- ------- ------- ------- ------- ------- ----- ----- -----

5 262144K 122891K 139253K 249772K 14980K 234792K 2048K 347K 1701K

Uptime is 1183 days, 1 hour, 41 minutes

ajay chauhan · ‎11-18-2012

Basic Configuration

Configure DHCP Snooping on a port or ports;

(enable) set port dhcp-snooping mod/ports trust {enable | disable}

Note: Use the enable or disable keywords to make the port trusted or untrusted.

DHCP Snooping Address Binding

A switch with DHCP Snooping enabled will maintain a 'binding' table mapping MAC address, IP address, Lease time, Vlan and port details for each current DHCP client. The table can be examined and manipulated with the following commands;

To examine the table;

(enable) show dhcp-snooping bindings [ip_addr | MAC_addr | port | vlan]

To delete an entry from the bindings database;

(enable) clear dhcp-snooping bindings [ip_addr mac_addr port int_id valn vlan_num]

To clear the entire snooping binding table;

(enable) clear dhcp-snooping bindings

Verification Commands

(enable) show dhcp-snooping bindings Show the entire bindings table.

(enable) show dhcp-snooping config Show details of current configuration.

(enable) show dhcp-snooping statistics DHCP snooping statistics.

hanwucisco · ‎11-19-2012

Ajay,

thanks, but i only need to know the command that limiting the rate. any idea?

Han

amikat · ‎11-19-2012

Hi,

The "ip dhcp snooping limit rate" IOS command cannot be used with your hybrid. To my knowledge the only way to rate limit the DHCP snooping with CatOS is to use the "set security acl feature ratelimit" command, but this one limits shared rate of the DHCP snooping, ARP inspection and 802.1X-DHCP (in actual fact only two of these for your case as DHCP snooping and 802.1X-DHCP are mutually exclusive).

Best regards,

Antonin